CVE-2018-20524
Affected software: Chat Anywhere extension for Chrome, version 2.4.0. Vulnerability details: A cross-site scripting (XSS) flaw exists because the danmuWrapper DIV in chatbox-only\danmu.js lies outside the scope of the extension’s Content Security Policy (CSP). This can be exploited via crafted me...